package com.wxy.web.conf;

import com.wxy.web.security.authentication.JwtAuthenticationFilter;
import com.wxy.web.security.authentication.JwtLoginFilter;
import com.wxy.web.security.authorization.AuthEntryPoint;
import com.wxy.web.security.authorization.RestAuthenticationAccessDeniedHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    PasswordEncoder passwordEncoder(){
        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        //http.authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
//        http.antMatcher("/test").authorizeRequests()
//               // .antMatchers("/**").anonymous()
//                .antMatchers("/", "/**").permitAll();
        httpSecurity.cors().and().csrf().disable()
                // 不创建会话
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
                .antMatchers("/", "/**").permitAll()
                // 系统监控
                .antMatchers("/actuator/**").anonymous()
                // swagger start
                .antMatchers("/swagger-ui.html").anonymous()
                .antMatchers("/swagger-resources/**").anonymous()
                .antMatchers("/webjars/**").anonymous()
                .antMatchers("/*/api-docs").anonymous()
                // swagger end
                // 接口限流测试
                .antMatchers("/test/**").anonymous()
                .antMatchers(HttpMethod.OPTIONS, "/**").anonymous()
                .antMatchers("/druid/**").permitAll()
                .antMatchers("/upload/**").permitAll()
                .antMatchers("/websocket/**").permitAll()
                .antMatchers("/mobile/**").permitAll()

                .anyRequest().authenticated()
                // 防止iframe 造成跨域
                .and().headers().frameOptions().disable().and()
                .addFilterAt(new JwtLoginFilter(authenticationManager()), UsernamePasswordAuthenticationFilter.class)
                .addFilterAt(new JwtAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class)
                .exceptionHandling().accessDeniedHandler(new RestAuthenticationAccessDeniedHandler())
                .authenticationEntryPoint(new AuthEntryPoint());
    }
}
